What happens in Las Vegas stays in Las Vegas, unless it spotlights how companies are tearing down the last remaining personal data protections.
Last week in Las Vegas, a husband and wife team were indicted for putting $60,000 in counterfeit $100 bills into slot machines at Caesar’s Palace.
Apparently the fake bills were of such high quality that the bill scanners on the slot machines accepted about 600 of the bogus Benjamins over the course of four days before the money laundering plot was uncovered.
But what makes this story interesting from a privacy and security perspective is how the alleged perpetrators were caught. It wasn’t the ubiquitous “eye in the sky” – the network of thousands of cameras watching every moment of action on the casino floor.
The bad guys were foiled by the player’s club card they were using to “earn” discounted show tickets and free buffet passes from gambling with their phony bills.
Greed, stupidity, and laziness are usually the downfall of any otherwise successful criminals, even ones who can allegedly create convincing counterfeit currency. In this case the indicted couple, Chen and Min Liu, seem to embody all three.
According to my favorite news source for all things Vegas, The Strip Podcast, local Sin City journalists Steve Friess and Miles Smith reported on August 16th that Lius were allegedly putting the counterfeit bills into slot machines, playing for a while then hitting the “cash out” button which issues a machine-readable ticket for the balance.
In addition to the money they were laundering, the pair reportedly won tens of thousands of dollars during their gambling spree, and then cashed in their pay-out tickets for cash – but not before making sure that they had plugged their Harrah’s (the parent company of Caesars Palace) “Total Rewards” cards into the slot machines.
The Total Rewards program lets the casino electronically track your gambling and in return you get credit towards “comps,” like free Celine Dion tickets or cheap eats at places like the celebrity restaurants of Bobby Flay or Guy Savoy.
It was only after the bills were removed from the slot machines and added to that day’s receipts – almost 48 hours later – that the alarm bells went off on the more sensitive currency scanners in the counting room. Any good crook working in Las Vegas knows that even before they set foot on the casino floor, their every move is being scrutinized by security staff monitoring myriad systems, from the aforementioned cameras to sensors on slot machines and roulette wheels looking for signs of tampering or other misbehavior.
When casino security began looking through their massive surveillance systems to see who’d been pumping the funny money into those Gems Wild-Tilesand approximately a dozen other slot machines, they were able to identify precisely when the bills were inserted.
That’s when investigators noticed that the perps were using their Harrah’s Total Rewards card.
Naturally, it didn’t take long for investigators, who by that time included casino security and the United States Secret Service, to assemble enough evidence to make the arrests. When the trap was sprung, the couple had about $27,000 in genuine cash in their possession, and about $30,000 in fake bills stashed in their SUV – an Escalade, of course.
Like so many customer tracking and rewards programs, casino player’s club programs are a fairly benign form of privacy invasion. Indeed, because of the nature of such programs, the compromises made in individual privacy are very much a bargained-for exchange between willing parties.
Casinos love to know where their best customers are spending their time – and money – on the casino floor, and that information is so valuable that they’re willing to lavish free rooms, food, and entertainment in exchange for that data.
For privacy advocates, such programs have always been the source of much consternation. Consumers often report that they are deeply suspicious of being tracked and profiled by companies, and that such fears make them dislike and distrust those companies.
Yet at the same time, woe be unto any airline who fails to track someone’s flights and credit the proper number of frequent flyer points. Similarly, just last week I saw a lady pitching a fit at Safeway because she didn’t get the 85 cents off her bottle of soda that she was entitled to through her club card.
So what makes the difference between unacceptable privacy invasion and someone having a conniption because they weren’t being properly spied upon? The answer is in two words: value proposition.
When people join a casino player’s club, or a discount club at the grocery store, or an airline frequent flyer program, they’re doing so because the company has offered a sufficiently compelling value proposition for that tradeoff in privacy.
Just look at the difference between the love people have for player’s clubs (a glance at the huge lines standing outside the player’s club private lounge to get the free buffets inside tells you everything you need to know) versus the suspicion people have when they first notice how many cameras are pointed at them, just in the elevator alone.
Yes, yes, the cameras are there for the generic public good, but for a more specific and private good, you can’t beat a slab of free prime rib!
Over the last decade I have consulted with many companies, from major corporations to small start-up firms, who have tried to figure out new and innovative ways to gather information about consumers in order to build detailed profiles for use in targeted marketing and advertising.
During the course of almost every one of those consulting projects, I kept my clients focused on how to identify and present the value proposition to end-users in order to mitigate negative perceptions. At the end of the day, the extent to which the activities were perceived as either an acceptable privacy trade-off or an unacceptable privacy invasion almost always turned on how compelling they could make the value proposition. Any company seeking to capitalize on the vast amounts of detailed customer data at their disposal needs only to look to the wild success of casino player’s clubs and the rest of the universe of customer affinity and rewards programs.
Programs like these demonstrate the value that can be had, and shared, when a company can build the kind of relationship with consumers, that allows them to leverage that data in ways that make consumers demand to be tracked, instead of demanding to be left alone.